When Canadian Tourist Byuhgsoo Soo Son picked up a rental car from a Payless office in San Francisco last November and set off with his wife and son on a 12-day tour of the California coast, Las Vegas, and the Grand Canyon, he had no idea how pricey that trip would be. Upon dropping off the car, he was floored when the expected US$260 charge turned out to be a whopping $3400, the result of a $1-a-mile fee that kicked in when Son crossed the California-Nevada border. Accompanying the bill was a detailed map of the family's route, made possible by the Global Positioning System tracking device installed in the car. Son had never bothered to read all of the fine print in his rental contract-who does, really?-which mentioned the out-of-state penalty and the possible presence of a tracking device.
Get used to it. One-fourth of rental cars in the United States now have GPS tracking installed, and over the last several years, at least two other companies have used the devices to fine errant drivers. If the car were stolen, or it broke down in a desert or a snowstorm, the trackers could be a lifesaver, the rental companies say. Some renters, if asked, might even appreciate a map of their trip as a souvenir. But having your every move tracked like a fugitive's? Most drivers, surely, would object.
Here's the problem with information: it spreads. "Once information exists, it's virtually impossible to limit its use," says David L. Sobel, general counsel of the Washington, D.C.-based Electronic Privacy and Information Center. "You have all this great data lying around, and sooner or later, somebody will say, 'What else can I do with it?'"
Over the last several years, new tracking and monitoring technologies coupled with new data-mining initiatives and a more permissive attitude toward surveillance have made it possible to deploy many creative, and intrusive, uses of our personal information. Life is undoubtedly made more convenient by key-chain tags that let you pay for gas right at the pump, wireless payment systems that let you drive through tolls without stopping, and fingerprint authentication systems that ensure you are who you say you are. Where there have been problems, they've tended to be more annoying than horribly invasive-an erroneous charge to your credit card or an unsolicited pitch for a new whitening toothpaste based on your past purchases.
But as new technologies and uses of data are being added seemingly every day, the potential for greater abuse is growing, say Sobel and other privacy experts. Meanwhile, legal protections are lagging far behind. What Son's rental car company did might have been a little sleazy, but it was perfectly legal.
Already, you're giving away more information than you probably realize. At the office, wireless security cards track your comings and goings; your employer could be keeping tabs on your e-mail, phone calls, and maybe even your keystrokes. When you surf the Web, government agencies and businesses can see which sites you visit, if they care to look. Emergency initiatives like Enhanced 911 in the United States and Enhanced 112 in Europe can pinpoint your location through your cellphone. Use a credit card or a loyal-shopper card, and your every purchase is logged. If you're visiting the United States from abroad, you now surrender your digitized fingerprints and photo at the border. And nearly everywhere you go-from the bus stop to the parking lot to the ATM to the fitting room-surveillance cameras are watching you.
Among the biggest collectors and purveyors of your personal information are data aggregators like Acxiom Corp., in Little Rock, Ark., and ChoicePoint, in Alpharetta, Ga. It's their business to buy up information about ordinary citizens, correlate it with the billions of other records in their data warehouses, and then sell the information-to employers doing background checks, insurers and landlords doing credit checks, and, especially since 9/11, government agencies doing security checks.
For $20, you can see what others see: your ChoicePoint report listing your phone numbers, the current market value of the real estate you own, your car loans, any outstanding liens and judgments, and any pilot, maritime, radio, drug, and gun licenses you hold-plus the names, birth dates, and social security numbers of not just you, but your spouse, children, and parents, plus any friends with whom you've jointly filed legal documents.
So what more is there to know? Plenty. While more traditional sources of information paint a picture of you in coarse strokes, newer and soon-to-emerge data-gathering technologies offer a much finer-grained image-where you are and what you're doing at any given time. These technologies include cheap and ubiquitous radio-frequency ID (RFID) tags, distributed and virtually invisible sensor networks, biometric scanners, and "smart" video surveillance. In the name of law enforcement, security, cost-saving, and convenience, commercial and government networks are digging ever deeper, gathering, sifting, and-increasingly-sharing data, uncovering what they hope will be pure, precise nuggets of information [see ," for some current surveillance technologies]. Coupled with advances in networking, wireless communication, computation, and data mining, the result is that what we used to think of as deeply personal affairs are increasingly matters for public consumption.
Against that crushing tide of data, a few researchers are conjuring up countermeasures. New database filters, for example, will let users search through sensitive information without uncovering personal data, while location-blocking algorithms and surveillance camera filters can obscure your exact position.
Such efforts are sorely needed. A new U.S. Department of Defense-sponsored report on the privacy implications of the government's data-mining activities warns of data-mining tools being "used by the government to scrutinize personally identifiable data concerning U.S. persons who have done nothing to warrant suspicion." It cautions that "they run the risk of becoming the 21st-century equivalent of general searches, which the authors of the Bill of Rights were so concerned to protect against."
Absent legal and technological protections, the report concludes, current surveillance efforts threaten to chill the behavior of ordinary citizens, stifling not just "innocuous, everyday activities" but also religious expression, political dissent, and public discourse.